#CyberFLASH: Search engine can find the VPN that NUCLEAR PLANT boss DIDN’T KNOW was there – report

nukeThe nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

The report adds that search engines can “readily identify critical infrastructure components with” VPNs, some of which are power plants. It also adds that facility operators are “sometimes unaware of” them.

Nuclear plants don’t understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a “lack of executive-level awareness”.

The study was conducted over an 18-month period and involved 30 interviews with “experts from several different countries, including the US, UK, Canada, France, Germany, Japan, Ukraine and Russia.”

Among its more frightening discoveries is that the notion “nuclear facilities are ‘air gapped'” is a “myth”, as “the commercial benefits of internet connectivity mean[s] that nuclear facilities” are increasingly networked.

Cybersecurity problems facing the industry largely result from legacy issues. As most industrial control systems at nuclear facilities were developed in the 1960s and 1970s (“when computing was in its infancy”) cybersecurity was not a consideration in their design.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.